本文關(guān)鍵詞： 命名數(shù)據(jù)網(wǎng)絡(luò) 匿名 隱私 安全　出處：《西安電子科技大學(xué)》2014年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著“信息爆炸”時(shí)代的到來，當(dāng)前基于TCP/IP的網(wǎng)絡(luò)架構(gòu)在安全性、移動(dòng)性、擁塞控制等方面表現(xiàn)出越來越多的不適應(yīng)性。為了從根本上解決這些問題，未來網(wǎng)絡(luò)研究領(lǐng)域的學(xué)者們重新設(shè)計(jì)網(wǎng)絡(luò)架構(gòu)，以替代TCP/IP網(wǎng)絡(luò)。命名數(shù)據(jù)網(wǎng)絡(luò)（Named Data Networking）是其中的研究熱點(diǎn)之一，采取以數(shù)據(jù)為中心的傳播方式，基于名字路由，而不關(guān)注內(nèi)容存儲(chǔ)的位置，同時(shí)由于其網(wǎng)絡(luò)存儲(chǔ)及基于內(nèi)容的安全保障機(jī)制，有效提高了網(wǎng)絡(luò)的安全性。然而，該網(wǎng)絡(luò)也引入了一系列隱私問題。首先，命名數(shù)據(jù)網(wǎng)絡(luò)中的數(shù)據(jù)包會(huì)泄露發(fā)布者的身份隱私，因?yàn)闉楸ＷC數(shù)據(jù)的完整性與源認(rèn)證，數(shù)據(jù)包中攜帶有發(fā)布者對數(shù)據(jù)的簽名及簽名驗(yàn)證信息；其次，在非機(jī)密信息共享情況下，攻擊者很容易就能獲取請求者發(fā)出的請求包和接收的數(shù)據(jù)包，進(jìn)而分析請求者行為習(xí)慣等，獲取請求者的敏感信息。為解決這些問題，本文針對命名數(shù)據(jù)網(wǎng)絡(luò)提出了一個(gè)匿名認(rèn)證機(jī)制和一個(gè)匿名通信機(jī)制。本文的主要內(nèi)容概括為如下三個(gè)方面： （1）研究歸納命名數(shù)據(jù)網(wǎng)絡(luò)中存在的隱私安全問題，主要包括名字隱私、內(nèi)容隱私、簽名隱私和緩存隱私。 （2）提出一種可實(shí)現(xiàn)發(fā)布者隱私保護(hù)的匿名認(rèn)證機(jī)制。該機(jī)制基于群簽名算法，，同時(shí)支持批驗(yàn)證。該機(jī)制在實(shí)現(xiàn)匿名認(rèn)證，保護(hù)發(fā)布者的身份隱私的同時(shí)，具有較低的驗(yàn)證開銷。 （3）設(shè)計(jì)一種可實(shí)現(xiàn)請求者隱私保護(hù)的匿名通信機(jī)制。該機(jī)制采用了群及分層加密的思想，充分考慮了命名數(shù)據(jù)網(wǎng)絡(luò)多路徑轉(zhuǎn)發(fā)的路由策略，在實(shí)現(xiàn)請求者匿名的同時(shí)，具有錯(cuò)誤容忍和低延遲的特性。
[Abstract]:With the "information explosion" era, the current TCP/IP network architecture based on security, mobility, congestion control showed more and more adaptability. In order to fundamentally solve these problems, the future of the field of network research scholars to re design the network architecture, to replace the TCP/IP network data network (Named Data named. Networking) is one of the research hotspot, adopt data centric communication, based on the name of routing, and pays no attention to the content storage location, at the same time because of the network storage and security mechanism based on content, effectively improve the security of the network. However, the network also introduced a series of privacy first., named data packets in the network will reveal the publisher's identity privacy, because in order to ensure data integrity and source authentication, data packet carries on the data publisher Signature and signature verification information; secondly, in the non confidential information sharing case, the attacker can easily access requests issued request packets and the packets received, and then analyzes the request behavior, obtain sensitive information requests. In order to solve these problems, this paper proposes a network named data anonymous the authentication mechanism and an anonymous communication mechanism. The main contents of this paper are summarized as the following three aspects:
(1) to study the privacy security problems in the nomenclature network, including the name privacy, the content privacy, the signature privacy and the cache privacy.
(2) put forward an anonymous authentication mechanism that can realize publisher privacy protection. This mechanism is based on group signature algorithm, and supports batch verification. The mechanism achieves low anonymity authentication, protects publisher identity privacy, and has low verification cost.
(3) a design can achieve the request of anonymous communication mechanism of privacy protection. The mechanism uses layered encryption and group thinking, fully consider the routing strategy named data network multi path forwarding, in the realization of anonymous request at the same time, with the fault tolerant and low delay characteristics.

【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08


本文編號：1554592